Configuring Log Output Destinations - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 42
Monitoring the Security Appliance

Configuring Log Output Destinations

This section describes how to specify where the security appliance should save or send the log messages
it generates. To view logs generated by the security appliance, you must specify a log output destination.
If you enable logging without specifying a log output destination, the security appliance generates
messages but does not save them to a location from which you can view them.
This section includes the following topics:
Sending System Log Messages to a Syslog Server, page 42-7
Sending System Log Messages to the Console Port, page 42-8
Sending System Log Messages to an E-mail Address, page 42-9
Sending System Log Messages to ASDM, page 42-10
Sending System Log Messages to a Telnet or SSH Session, page 42-11
Sending System Log Messages to the Log Buffer, page 42-12

Sending System Log Messages to a Syslog Server

This section describes how to configure the security appliance to send logs to a syslog server.
Configuring the security appliance to send logs to a syslog server enables you to archive logs, limited
only by the available disk space on the server, and it enables you to manipulate log data after it is saved.
For example, you could specify actions to be executed when certain types of system log messages are
logged, extract data from the log and save the records to another file for reporting, or track statistics
using a site-specific script.

The syslog server must run a program (known as a server) called syslogd. UNIX provides a syslog server
as part of its operating system. For Windows 95 and Windows 98, obtain a syslogd server from another
vendor.

Note: To start logging to a syslog server you define in this procedure, be sure to enable logging for all output
locations. See the "Enabling Logging to All Configured Output Destinations" section on page 42-6. To
disable logging, see the "Disabling Logging to All Configured Output Destinations" section on
page 42-6.

To configure the security appliance to send system log messages to a syslog server, perform the
following steps:

Step 1
To designate a syslog server to receive the logs, enter the following command:
hostname(config)# logging host interface_name ip_address [tcp[/port] | udp[/port]] [format emblem]

The format emblem keyword enables EMBLEM format logging for the syslog server (UDP only).
The interface_name argument specifies the interface through which you access the syslog server.
The ip_address argument specifies the IP address of the syslog server.
The tcp[/port] or udp[/port] argument specifies that the security appliance should use TCP or UDP to
send system log messages to the syslog server. The default protocol is UDP. You can configure the
security appliance to send data to a syslog server using either UDP or TCP, but not both. If you specify
TCP, the security appliance discovers when the syslog server fails and discontinues sending logs. If you

Cisco Security Appliance Command Line Configuration Guide
Configuring and Managing Logs
OL-10088-01
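The use of saved logs described above (tracking statistics and extracting records for a report with a site-specific script), as an added example that is not part of the Cisco guide. It assumes the syslog server stores one message per line and that each message carries a %ASA-severity-number: tag (%PIX- on the PIX 500 series); the sample lines are constructed.

```python
import re
from collections import Counter

# Assumption (the tag format is not shown on this page): each message carries
# "%ASA-<severity 0-7>-<message number>: " ("%PIX-" on the PIX 500 series).
TAG = re.compile(r"%(ASA|PIX)-([0-7])-(\d+): (.*)")

# Constructed sample of a file written by the syslog server. Addresses are
# documentation ranges and message texts are abbreviated.
SAMPLE_LOG = """\
Mar  3 10:15:01 192.0.2.1 %ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.7/443
Mar  3 10:15:02 192.0.2.1 %ASA-4-106023: Deny tcp src outside:203.0.113.9/4444 dst inside:10.0.0.5/22 by access-group "outside_in"
Mar  3 10:15:02 192.0.2.1 %ASA-4-106023: Deny tcp src outside:203.0.113.9/4445 dst inside:10.0.0.5/23 by access-group "outside_in"
Mar  3 10:15:09 192.0.2.1 %ASA-3-710003: TCP access denied by ACL from 203.0.113.9/4450 to outside:192.0.2.1/22
Mar  3 10:15:11 loghost cron[412]: unrelated line from another program
"""


def parse_line(line):
    """Return (device, severity, message_number, text), or None without a tag."""
    m = TAG.search(line)  # search, so any header the server prepends is skipped
    if m is None:
        return None
    device, severity, number, text = m.groups()
    return device, int(severity), number, text.rstrip()


def process(lines, report_severity=4):
    """Count messages per number; collect those at report_severity or more
    severe (numerically lower) as records for a separate report file."""
    counts, report, skipped = Counter(), [], 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1  # another program's line, or one damaged in transit
            continue
        device, severity, number, text = parsed
        counts[number] += 1
        if severity <= report_severity:
            report.append(f"{device}-{severity}-{number}\t{text}")
    return counts, report, skipped


if __name__ == "__main__":
    counts, report, skipped = process(SAMPLE_LOG.splitlines())
    print(counts.most_common())  # statistics per message number
    print("\n".join(report))     # records that would go to the report file
    print("lines without a Cisco tag:", skipped)
```

With the default UDP transport the server cannot confirm who sent a line, so the script treats message text as untrusted data and only counts or copies it.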


This manual is also suitable for:

PIX 500 series, Cisco ASA 5500 series
